Nginx reverse proxy and SSL are indispensable

nginx is a well-known web server whose performance compares favourably with the alternatives, but this post is not about those internals. A reverse proxy lets us hide the services sitting behind it; what follows is the configuration I use, as I understand it.

SSL configuration

nginx.conf configuration

http {
        ...

        # SSL session handling
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        # Tickets off: nginx never rotates the ticket key on its own, so a stolen
        # key would decrypt past sessions and defeat forward secrecy.
        ssl_session_tickets off;

        # TLS 1.2 + 1.3 (Mozilla's "intermediate" profile; "modern" would be TLSv1.3 only)
        ssl_protocols TLSv1.2 TLSv1.3;
        # The first six suites are AEAD (GCM / ChaCha20-Poly1305). The last four
        # (...-AES256-SHA384, ...-AES128-SHA256) are CBC suites: drop them unless a
        # legacy client actually needs them. ssl_ciphers only governs TLS 1.2;
        # TLS 1.3 suites are fixed by the library.
        ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
        ssl_prefer_server_ciphers on;

        # OCSP stapling. ssl_stapling_verify needs ssl_trusted_certificate (set in
        # the server block) so the stapled response can be checked against the issuer.
        ssl_stapling on;
        ssl_stapling_verify on;
        # Resolver used to fetch OCSP responses: plain DNS to public resolvers, so
        # point it at an internal resolver if outbound DNS is restricted.
        resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
        resolver_timeout 2s;

        # load configs
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Reverse proxy configuration

Configuring a site

server {
    listen 443 ssl;
    server_name PUBLIC_DOMAIN;
    ## SSL certificate settings
    ssl_certificate /etc/nginx/ssl/certs/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/certs/privkey.pem;
    # Issuer chain used to verify stapled OCSP responses (ssl_stapling_verify)
    ssl_trusted_certificate /etc/nginx/ssl/certs/fullchain.pem;

    # Header configuration. add_header is inherited by a location block only if
    # that location defines no add_header of its own.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # The XSS auditor has been removed from current browsers; "0" (or dropping the
    # header) is the present recommendation.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    # no-referrer-when-downgrade sends the full URL to other HTTPS origins;
    # strict-origin-when-cross-origin is the stricter policy browsers now default to.
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # This CSP allows every source plus inline and eval'd script, so it blocks
    # nothing. Treat it as a placeholder until a real policy is written.
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    # One year, all subdomains, preload-eligible. Preload is effectively
    # irreversible once submitted, so every subdomain must already serve HTTPS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # Reverse proxy configuration
    # Any request under the root is forwarded to the service on 10.10.4.120 port 9999
    location / {
      proxy_pass http://10.10.4.120:9999/;
      proxy_connect_timeout 300s;
      proxy_read_timeout 300s;
      proxy_send_timeout 300s;
      # Pass the Host the client used. ($host:$proxy_port would send
      # "PUBLIC_DOMAIN:9999", the upstream's port, not the client's.)
      proxy_set_header   Host              $host;
      proxy_set_header   X-Real-IP         $remote_addr;
      # Appends $remote_addr to whatever X-Forwarded-For the client sent; the
      # upstream must read the rightmost entry, never the leftmost.
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      # Tell the upstream the client connection was HTTPS (redirects, Secure cookies)
      proxy_set_header   X-Forwarded-Proto $scheme;
      # Via carries the protocol version before the pseudonym
      proxy_set_header   Via               "1.1 nginx";
    }
    # Reverse proxy configuration
    # Anything matching https://DOMAIN/api/$PATH is forwarded to 10.10.4.120 port 8888.
    # The trailing slash on proxy_pass strips the /api/ prefix: the upstream sees /$PATH.
    location ^~ /api/ {
      proxy_pass http://10.10.4.120:8888/;
      proxy_connect_timeout 300s;
      proxy_read_timeout 300s;
      proxy_send_timeout 300s;
      proxy_set_header   Host              $host;
      proxy_set_header   X-Real-IP         $remote_addr;
      proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
      proxy_set_header   X-Forwarded-Proto $scheme;
      proxy_set_header   Via               "1.1 nginx";
    }

}
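As an added example (not code from the original post), here is a small Python linter that reads the flat TLS directives from the nginx.conf block and the add_header lines from the server block above and reports what a reviewer would flag: obsolete protocols, CBC cipher suites, session tickets left on, stapling without verification, a CSP whose effective script-src permits everything, HSTS preload prerequisites, and the referrer and XSS headers. Both embedded configurations are constructed: PAGE_CONF is the page's own directives copied flat, HARDENED_CONF is an assumed tightened variant. The parser only understands `name args;` lines, not nested blocks.

```python
import re
import shlex

# Constructed sample (assumption): the TLS and add_header directives from this
# page, pasted as flat "name args;" lines.
PAGE_CONF = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
"""

# Constructed hardened variant (assumption): AEAD-only suites, a restrictive CSP,
# the stricter referrer policy, and no X-XSS-Protection header at all.
HARDENED_CONF = """
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; img-src 'self' data:; object-src 'none'; frame-ancestors 'self'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
"""

_DIRECTIVE = re.compile(r"^([a-z_]+)\s+(.*);$")
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
PRELOAD_MIN_AGE = 31536000  # hstspreload.org requires one year plus includeSubDomains


def parse_directives(conf):
    """Return [(name, [args])] for flat 'name args;' lines. Comment lines and
    block delimiters ('http {', '}') are skipped; nested blocks are not modelled."""
    out = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _DIRECTIVE.match(line)
        if m:
            out.append((m.group(1), shlex.split(m.group(2))))  # shlex keeps quoted values whole
    return out


def parse_csp(value):
    """'default-src a b; img-src c' -> {'default-src': ['a', 'b'], 'img-src': ['c']}"""
    policy = {}
    for part in value.split(";"):
        toks = part.split()
        if toks:
            policy[toks[0]] = toks[1:]
    return policy


def lint(conf):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    parsed = parse_directives(conf)
    single = {n: a for n, a in parsed if n != "add_header"}
    headers = {a[0].lower(): a[1] for n, a in parsed if n == "add_header" and len(a) >= 2}

    for proto in single.get("ssl_protocols", []):
        if proto in WEAK_PROTOCOLS:
            findings.append(f"ssl_protocols: {proto} is obsolete; keep TLSv1.2 TLSv1.3 only")
    for suite in ":".join(single.get("ssl_ciphers", [])).split(":"):
        if suite and not suite.startswith("!") and not any(m in suite for m in AEAD_MARKERS):
            findings.append(f"ssl_ciphers: {suite} is a CBC (non-AEAD) suite; drop it unless a legacy client needs it")
    if single.get("ssl_session_tickets", ["on"]) != ["off"]:
        findings.append("ssl_session_tickets: not off; nginx never rotates the ticket key, which weakens forward secrecy")
    if single.get("ssl_stapling") == ["on"] and single.get("ssl_stapling_verify") != ["on"]:
        findings.append("ssl_stapling: on without ssl_stapling_verify on, so stapled responses are never checked")

    csp = headers.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy: header missing")
    else:
        policy = parse_csp(csp)
        script_src = policy.get("script-src", policy.get("default-src", []))  # script-src falls back to default-src
        for bad in ("*", "'unsafe-inline'", "'unsafe-eval'"):
            if bad in script_src:
                findings.append(f"Content-Security-Policy: effective script-src allows {bad}; script execution is unrestricted")

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security: header missing")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        max_age = int(m.group(1)) if m else 0
        if "preload" in hsts and (max_age < PRELOAD_MIN_AGE or "includesubdomains" not in hsts.lower()):
            findings.append("Strict-Transport-Security: preload needs max-age >= 31536000 and includeSubDomains")

    if headers.get("referrer-policy") == "no-referrer-when-downgrade":
        findings.append("Referrer-Policy: no-referrer-when-downgrade leaks the full URL to other HTTPS origins; prefer strict-origin-when-cross-origin")
    if "x-xss-protection" in headers and headers["x-xss-protection"] != "0":
        findings.append("X-XSS-Protection: the legacy auditor is gone from current browsers and has been abused for leaks; send 0 or drop the header")
    return findings
```

Run `lint(PAGE_CONF)` to see the nine findings on the page's own configuration (four CBC suites, three CSP keywords, the referrer policy and the XSS header); `lint(HARDENED_CONF)` returns an empty list. Because the checker keys on the effective script-src, a policy such as `default-src 'self'; script-src 'unsafe-inline'` is still flagged even though its default-src is fine.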

The docker-compose service can be configured as follows.

...
nginx_proxy:
    container_name: nginx
    # Pin a specific tag (or digest) in production; "latest" changes under you.
    image: nginx:latest
    volumes:
      # Mounted read-only: the container has no reason to write its config or
      # the private key. Keep privkey.pem owner-only (0600) on the host as well.
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/cert:/etc/nginx/ssl/certs:ro
      - ./nginx/sites-enabled:/etc/nginx/sites-enabled:ro
    restart: always
    ports:
      - 80:80
      - 443:443

The overall flow is Client ---> Nginx ---> API. Two things to check: port 80 is published, but the server block above only listens on 443, so the image's stock conf.d/default.conf will answer plain HTTP with the welcome page; either add a server that listens on 80 and returns a 301 to the https:// URL, or do not publish 80. And the API ports (9999 and 8888 on 10.10.4.120) must be reachable only from nginx, otherwise a client can connect to the backend directly and supply its own X-Forwarded-For and X-Real-IP.
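To make concrete what the API actually receives from the proxy_set_header lines, and why $proxy_add_x_forwarded_for must be read from the right, here is an added Python example that is not part of the original post. nginx_forward() models the headers nginx emits for a request; naive_client_ip() is the usual mistake on the backend; client_ip() recovers the real client address by trusting only hops inside an assumed proxy network (172.18.0.0/16, taken to be the Docker network nginx lives on). All addresses are constructed.

```python
import ipaddress

# Assumption: nginx runs on the Docker bridge 172.18.0.0/16 and is the only path
# to the API. Any peer outside this range is not a proxy we trust.
TRUSTED_PROXIES = [ipaddress.ip_network("172.18.0.0/16")]
NGINX_IP = "172.18.0.2"  # constructed address of the nginx container


def nginx_forward(client_ip, incoming):
    """Model the proxy_set_header lines from the server block: the headers the
    upstream receives when `client_ip` sends `incoming` headers to nginx.
    $proxy_add_x_forwarded_for is the client's X-Forwarded-For with $remote_addr
    appended (or just $remote_addr when the client sent none)."""
    out = {k: v for k, v in incoming.items() if k not in ("X-Real-IP", "X-Forwarded-Proto", "Via")}
    prior = incoming.get("X-Forwarded-For")
    out["X-Forwarded-For"] = f"{prior}, {client_ip}" if prior else client_ip
    out["X-Real-IP"] = client_ip          # always overwritten by nginx
    out["X-Forwarded-Proto"] = "https"    # the listener is 443 ssl
    out["Via"] = "1.1 nginx"
    return out


def naive_client_ip(peer_ip, headers):
    """The common mistake: trust the leftmost X-Forwarded-For entry, which the
    client chose itself. An IP allowlist keyed on this is trivially bypassed."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_ip


def client_ip(peer_ip, headers):
    """Walk the chain from the TCP peer backwards, skipping trusted proxies; the
    first hop that is not a trusted proxy is the client. Entries further left
    were written by the client (or someone before our proxies) and are ignored."""
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in [peer_ip] + hops[::-1]:
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed where a proxy should have written an address: refuse
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return peer_ip  # every hop was a trusted proxy, e.g. nginx's own health check


if __name__ == "__main__":
    # Constructed: a client at 203.0.113.7 tries to pose as localhost.
    spoofed = nginx_forward("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"})
    print("upstream sees:", spoofed)
    print("naive:", naive_client_ip(NGINX_IP, spoofed), "correct:", client_ip(NGINX_IP, spoofed))
    # Constructed: the same attacker reaches the API port directly, bypassing nginx.
    direct = {"X-Forwarded-For": "10.0.0.1"}
    print("direct naive:", naive_client_ip("203.0.113.7", direct), "correct:", client_ip("203.0.113.7", direct))
```

The right-to-left walk is only sound when the trusted-proxy list is exact and the backend is not reachable by any other route; the "direct" case above shows that when the TCP peer is not a trusted proxy, the header is disregarded entirely and the peer address is used. X-Real-IP carries the same value nginx appended, so it is equally usable, but only under the same reachability condition.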
